Pages

Sunday, 29 May 2016

Consider Using a VPN: More Privacy for All Your Traffic

One option for anonymous browsing and privacy for other types of network traffic is using the Tor network which has been covered in a few articles here before. But although traffic is encrypted within the network when bouncing between relays, plain text over Tor is still plain text. Other problems are the slow speed and connectivity issues users may be facing with a volunteer network, user-unfriendly configuring of exit nodes and switching them on demand, and the fact that Tor is not suited to stream large files and video content, if only not to abuse donated bandwidth.

If you're downloading or torrenting a lot or watching a lot of streaming movies and TV shows paying a small fee for a Virtual Private Network is well worth it. There are also a few gratis options available if you want to skimp or are somehow philosophically opposed to paying for services, but I would caution that some things are worth the small investment it takes to be able to use them, in particular if it saves a lot of hassle and/ or money in the long run. An annual subscription to a VPN provider can be had for cheaper than a DVD box set, so watching a season of one show for free would have already made up for it.

Why should you do that? VPN's use high-grade encryption and same as Tor hide your requests among all the other traffic coming from or entering a particular server. In this way it acts like an anonymizer proxy. Although streaming movies is technically not illegal as they are not actually copied to the users storage for a significant amount of time (which means no copyright is infringed), in some countries law firms have specialised in sending desist letters to consumers, demanding hefty fines after identifying their IP addresses (an exercise which they are engaged in large-scale), same as with torrents and other P2P sharing software. Even if you're not doing anything illegal, you can save yourself a lot of hassle in the form of having to write letters, refuting allegations, or even having to hire your own lawyer. In addition, you get an extra layer of encryption around your emails and web searches. The good clients also have a kill switch to prevent data from leaking and giving away your location and ensure no unencrypted traffic gets out. A small problem remains for the paranoid: How can we be sure that the provider really keeps to their privacy policy and promises of no logging etc. Worse, how can we be sure it's not the security agencies, or the entertainment industry building a massive case, who are really behind our chosen provider and monitoring everything we are sending through their systems? It's a question of trust, I guess. A VPN also allows you to circumvent the blocking of major torrent sites that is done by most ISP's now and get around geo-blocking implemented by TV channels and providers of online content, even on Youtube, and to connect to another country or exit node with one click.

Here's my experiences with some of the providers used so far.

Browser plugins.

All the below also have clients for Android where due to this they function like a traditional VPN, encapsulating all traffic and not just the browser.

I've used Zenmate's free service since probably 2009 as a browser plugin with Google Chrome -before they had desktop clients- until recently on and off. The good thing about having a free plugin as well as a full VPN with another provider is that one can a) use this as an extra layer of security as an encrypted tunnel within a tunnel, b) it may provide additional exit points in countries your other provider is not covering. A browser plugin of course only encrypts browser traffic, but if you're only using webmail in a public wifi hotspot, or are even doing everything through your browser like with ChromeOS, this, theoretically and barring any inherent flaws and leakage, should still keep you safe.

Zenmate performed admirably for years here during its very long lasting free trial period. Predictably, it got worse once it had picked up more users and varied between bandwidth good enough to stream TV channels for hours and extreme slow, dropped connections on other days. Last year I also tried the Android client but found like other users it would sometimes not connect and become extremely slow after initially working well enough for streaming, as if a usage amount had been reached and usage capped although this is not announced. There are promotions and a free trial for the premium service but in my experience it did not perform any better. The free plan does not include the UK any more, presumably because of the popularity of TV programmes like BBC and ITV players. Last, Zenmate premium is quite expensive at $59.99/€59.99/£49.99 for the yearly plan and even after a hefty discount during one of their promotions still came in more expensive than my current first choice, but it does throw in added protection from trackers, adware and malware.

Zenmate also has desktop clients for Windows and OS X and can probably be set up with openvpn on Linux.

This one is part of the Opera Software Company, the people behind the Opera browser. They're also offering another VPN service on Android and for mobile devices (Opera Max) which cuts down on the traffic by filtering and compressing, using in part the same technology their various Opera browsers are using which used to be a boon in dial-up times and again in times of limited data plans and capped DSL bandwidth that is still afflicting countries like Australia. Problem is with this, if you're opting for compression and data saving, you cannot have a real VPN, as obviously one cannot have two VPN connections at the same time.

SurfEasy is a full VPN service. The free plan only offers a very limited bandwidth of I think around 700MB per month, renewing a month after activation. There are several ways of earning more data allowance which, once earned, also renews from month to month. Not a bad deal but still, hardly enough to watch online video or even Youtube. It's ok though if you're just looking to secure your connection for the odd browsing session, emailing and research, even reading one or the other book online. On the upside, SurfEasy offers plenty of locations and during my usage always has shown exceptionally good throughput. No stuttering or buffering here. The free plan is supposed to make money by aggregating anonymous usage data of its users browsing habits so bear that in mind. The paid plan also offers protection from ad-tracking and presumably will not analyse your browsing. However, a discounted rate of $77.88 for 12 months or $11.99 for one month does not exactly strike me as good value.

This is probably the most complete solution in terms of clients. SurfEasy has browser plugins for Chrome and Opera, desktop clients for Windows and Mac, Android, Iphone and Ipad and also a so-called SurfEasy Private Browser USB plugin solution to run from USB key "for private and secure browsing on any computer or network", which sounds a bit like the Tor Browser Bundle.

Despite the limitations of the free plan I was impressed by how well it worked. Both the browser plugin and the client on an Android tablet worked flawlessly within the allotted data allowance and new data earned added immediately. In the optimized setting the client randomly picks a location to aid privacy.

I must confess I haven't used this one much but when I have it did not seem capped and offered good speed for online video. Again, I ran it as a browser plugin on a Chrome book as well as the Android client on my Kodi/ Android Player box for a session of torrenting and some online streaming. It did not seem restricted and did not loose connection. If I recall correctly it's also the only one that does not require registering an email address to open an account.

On the free plan the app offers users to download other apps or watch videos from their sponsors, but to be honest I didn't see any of that, possibly due to an active ad-blocker. Their site states that this is how Betternet makes money to keep the servers running. A premium plan is available which offers more locations and a higher quality of service but in my opinion the free service with no evident data caps was fine. No pricing information on the website. They promise unlimited, free service for ever. This alone may make it the VPN of choice for many, or at least one to always be able to fall back on. If you go for the optimized setting the client will connect to the nearest server, meaning the one with the lowest latency.

Betternet has plugins for Chrome and Firefox which is another point in its favour for all the users sticking to Mozilla's browser. Desktop clients are available for iOS, Android and Windows. It does not look like settings are available to set this up on Linux with openvpn.

Now there's also another service for mobile devices called Hexatech with clients for Android and iOS with a paid plan for $1 a month.

Cactus VPN are offering various products either for geo-unblocking/ proxying only or a full VPN service. Protocols supported are L2TP/IPsec, OpenVPN, SSTP, SoftEther and PPTP and they're offering high-grade encryption and no logging, with torrenting and P2P sharing allowed on Netherlands and Romanian servers. Cactus VPN as a business is apparently located in Moldova which is nicely out of reach for the more litigation minded industries that try to abuse state power for their own financial gain. Together with the policy of no logs this should go some way to safeguard your privacy.

I used this provider for a year's subscription and had a good experience. Occasionally servers would drop and be replaced which would necessitate some cleaning up on my devices, removing dead ones and adding new ones. Possibly their IP's were blacklisted by streaming sites as known VPN servers. In the end, so often not getting a connection was annoying although in all fairness, usually servers were up and when they worked they worked well and I had uptime for days. All servers are in either the US, the UK, Netherlands or Romania. In the end, the only reason I stopped using Cactus was that they do not offer a server in Germany which is sometimes needed to get around the geo-blocking German TV and media libraries are using. Not an issue for everybody and one can maintain another service for this location, as above.

CactusVPN is good value and they often run promotions on all sorts of occasions like Valentine's Day, Easter, or Christmas when they're even cheaper, up to 2/3s. Standard prices are either $38.99 per year for a choice of locations or $54.99 for all 16, but yes, you can get it for half of that or less. They have clients for Android, Mac, iOS and Windows and provide settings and instructions to set it up with Networkmanager on Linux, on Chromebooks, media players and routers if you want to cover the entire home.

A free 24-hour trial is also available and a range of ways to pay. Subscribers can have up to three devices connected at once. On Android this worked well using OpenVPN Connect.

I didn't particularly enjoy using Tor VPN. The free service is capped at 2 GB and one constantly needs to log in to the website again to reactivate. Several products are available but are either capped in usage (10 GB per month) or have a higher cap of 60 or 100 GB but are still let down by a lack of locations - between one and three depending on price plan. On the free plan only Hungary is available. With the custom plan one can get up to seven locations. There are better deals around and configuring was cumbersome. However, it may be for you if you're after a static IP address. Tor VPN does not offer any client software of its own but offers guides how to set up openvpn via generic connectivity software. PPTP is supported as alternative for when VPN is not an option as well as SSH tunnelling as a last resort.

Apparently this VPN is using the Tor network to bounce packets around, but whatever. If you're only after unblocking certain sites or adding an element of anonymity there's also a free proxy list curated by Tor VPN but the servers are not maintained by them. I have not used them and have no idea how fast these are. Tor VPN does not seem very popular. Their main server, which is physically located in Budapest, has around 40 users at any given time, it is also the only server people on the free plan are able to use. Between 10-19 users were connected to the other servers so they probably have between 20 and 30 paying subscribers altogether.

Huge choice of locations, intuitive and easy to use, well configured desktop clients, good throughput and no dropped connections or dead servers ever. Kill switch on the Android client to prevent data leaks and no logging policy. With this no traffic will be allowed to leave until the VPN is connected. Slight problem is they are in the United States so it depends on whether you want to trust if they are as good as they say about your privacy.

PIA is streaming all content on my Android Player box and so far has not disappointed. One can have three concurrent connections. A yearly package will set you back $39.95 at the moment (or $6.95 for one month) for 3339 servers in 25 countries, some of which appear to be redirected to get around the blacklisting and need to always add new IP's issue. For that you get OpenVPN support, Socks5 support, PPTP and L2TP/IPsec for devices like Chromebooks that do not allow installing additional software clients and do not have OpenVPN built in. One needs to log in and generate a new user name and password for this protocol but it all works painless and is easy to set up. There are plenty of instructions in the support section and the forum how to set this up with the manifold devices and protocols.
Supported are Windows, Mac OS since 10.4, iPhone/iPad, Android and most other devices via instructions provided, like Network manager for Linux and various routers and gateways to secure the entire home network in one go.

All in all my clear favourite with good bandwidth at all times and a wide range of ways to pay, for example anonymously via gift cards. This is also the only VPN I know of that offers a 7-day money back guarantee.

Several VPN's provide an IP check on their website and, if not connecting from one of their own addresses, advise that the user is "not protected". This is of course rubbish as you may be connecting from another VPN or the Tor network. A more differentiated check would be nice.